5.3. Kompatibilita Puppet 2.7 / 3.7

If you are using Puppet, please be aware that Puppet 3.7 is not backwards
compatible with Puppet 2.7. Among other things, the scoping rules have
changed and many deprecated constructs have been removed. See the Puppet
3.x release notes for some of the changes, although be aware that
there are further changes in 3.7.

Checking the log files of your current puppetmaster for deprecation warnings
and resolving all of those warnings before proceeding with the upgrade will
make it much easier to complete the upgrade. Alternatively, or
additionally, testing the manifests with a tool like Puppet catalog
test may also find potential issues prior to the upgrade.

When upgrading a Puppet managed system from Wheezy to Jessie, you must
ensure that the corresponding puppetmaster runs at least Puppet version
3.7. If the master is running Wheezy's puppetmaster, the managed Jessie system will not
be able to connect to it.

As a result of this change, existing code using ssl:// or tls:// stream
wrappers (e.g. file_get_contents(), fsockopen(), stream_socket_client())
may no longer connect successfully without manually disabling peer
verification via the stream context's "verify_peer" setting.

For more information about this particular issue, please read this document.

PHP v mnohých prípadoch mení rozlišovanie veľkosti písmen:

All internal case insensitivity handling for class, function, and constant
names is done according to ASCII rules. Current locale settings are
ignored.

The keywords "self", "parent", and "static" are now always case insensitive.

It is no longer possible to overwrite keys in static scalar arrays. Please
see PHP bug 66015
for an example and more information about this particular issue.

The mcrypt_encrypt(), mcrypt_decrypt() and mcrypt_{MODE}() functions no
longer accept keys or IVs with incorrect sizes. Furthermore an IV is now
required if the used block cipher mode requires it.

For legal reasons, the JSON implementation bundled with PHP has been
replaced with the version provided by the "jsonc" PECL module. Code that
makes assumptions about the finer implementation details of the PHP JSON
parser may need to be reviewed.

The "short_open_tag" setting is now disabled by default. The ASP variant of
the short tags ("<%" and "%>") are scheduled for removal in PHP7.

For more information or the full list of potential issues, please have a
look at upstream's list of backwards incompatible changes for PHP 5.5 and
5.6.

5.5. Nekompatibilné zmeny v Apache HTTPD 2.4

Poznámka

This section only applies to systems which have installed an Apache HTTPD
server and configured it manually.

There have been a number of changes to the configuration of the Apache HTTPD
server in version 2.4. On the upstream side, the syntax has changed.
Notably, the access control directives have changed considerably and will
need manual migration to the new directives.

The mod_access_compat module is mentioned in the upstream
upgrade guide as a possible alternative to immediate migration. However,
the reports suggest it may not always work.

The managing of configuration files has also been changed in the Debian
packaging. In particular, all configuration files and sites must now end
with ".conf" to be parsed by default. This change also replaces the
existing use of /etc/apache2/conf.d/.

Poznámka

During the upgrade, you may also see warnings about configuration files
placed in /etc/apache2/conf.d/, which are provided by
packages from Debian. This warning is unavoidable but harmless as the
affected packages will move their configuration once their upgrade completes
(which will generally happen after the Apache HTTPD emits its warning).

Please note that the upgrade may install packages containing "systemd" in
their name even with APT pinning. These alone do not
change your init system. To use systemd as your init system, the
systemd-sysv package must be
installed first.

If APT or aptitude has issues computing an upgrade path with the pin in
place, you may be able to help it by manually installing both sysvinit-core and systemd-shim.

The new default init system, systemd-sysv, has a stricter handling of failing
"auto" mounts during boot compared to sysvinit. If it fails to mount an
"auto" mount (without the "nofail" option), systemd will drop to an
emergency shell rather than continuing the boot.

We recommend that all removable or "optional" mount points (e.g.
non-critical network drives) listed in /etc/fstab
either have the "noauto" or the "nofail" option.

5.6.2. Zastaralé init skripty by ste mali odstrániť (purge)

If you are upgrading from previous releases, your system may contain
obsolete init-scripts provided by (now) removed packages. These scripts may
have inaccurate or no dependency metadata, which can lead to dependency
cycles in your init configuration.

To avoid this, we recommend that you go and review the list of packages that
are in the "rc" ("Removed, but Config-files remain") state, and purge at
least all those containing init-scripts.

5.6.3. Locally modified init-scripts may need to be ported to systemd

Poznámka

This section only applies to systems where Debian-provided init scripts have
been modified locally.

If you have modified some of the init scripts provided by Debian, please be
aware that these may now have been superseded by a systemd unit file or by
systemd itself. If you have debsums installed, you can check for locally
modified init scripts by using the following shell command.

If either command flags any files and their corresponding packages
or the systemd
now provides an systemd unit file for that service, the systemd unit file
will take precedence to your locally modified init script. Depending on the
nature of the change, there are different way to perform the migration.

If necessary, it is possible to override the systemd unit file to have it
start the sysvinit script. For more information on systemd unit files,
please have a look at the following resources.

5.6.7. systemd: issues SIGKILL too early [fixed in 8.1]

Poznámka

This issue was fixed in the 8.1 Jessie point release.

A regression was reported in systemd after the Jessie release. The bug
occurs during shutdown or reboot, where systemd does not give any reasonable
delay before issuing SIGKILL to processes. This can lead to data loss in
processes that have not saved all data at the time of the reboot
(e.g. running databases).

5.6.8. systemd: behavior of 'halt' command

The sysvinit implementation of the
halt command powered off the machine as well. The
systemd-sysv implementation halts
the system, but does not power off the machine. To halt the machine and turn
it off, use the poweroff command.

This is required as the Wheezy host lacks functionality to boot a system
running systemd.

You should be able to switch over to systemd inside the LXC guest once you
have upgraded the host system to Jessie. See the next
paragraph for things that need to be adapted on Jessie hosts.

5.8.2. Aktualizácia hosťov LXC bežiacich na hostiteľoch Jessie

In order to be able to boot LXC guests with systemd, you need to adapt your
LXC container configuration. The container configuration can usually be
found in
/var/lib/lxc/CONTAINER_NAME/config
You need to add the following two settings to the configuration:

5.8.3. Ďalšie informácie

This section is only for people who have set up LUKS encrypted disks
themselves using the whirlpool hash. The debian-installer has
never supported creating such disks.

If you have manually set up an encrypted disk with LUKS
whirlpool, you will need to migrate it manually to a stronger hash. You can
check if your disk is using whirlpool by using the following command:

# /sbin/cryptsetup luksDump <disk-device> | grep -i whirlpool

For more information on migrating, please see item "8.3 Gcrypt 1.6.x and
later break Whirlpool" of the cryptsetup
FAQ.

Výstraha

If you have such a disk, cryptsetup
will refuse to decrypt it by default. If your rootdisk or other system
disks (e.g. /usr) are encrypted with whirlpool, you should migrate them
prior to the first reboot after upgrading cryptsetup.

5.12. Zmeny predvolených klávesových skratiek v GNOME

Shortcut settings previously modified by the user will be preserved upon
upgrade. These settings can still be configured from the GNOME control
center, accessible from the top right menu by clicking on the "settings"
icon.

5.13. Changes to default shell of system users provided by base-passwd

The upgrade of the base-passwd
package will reset the shell of some system users to the "nologin" shell.
This includes the following users:

daemon

bin

sys

sync

games

man

lp

mail

news

uucp

proxy

www-data

backup

list

irc

gnats

nobody

If your local setup requires that any of these users have a shell, you
should say no to migrating, or migrate and then change the shell of the
corresponding users. Notable examples include local backups done via the
"backup" user with "ssh-key" authentication.

Výstraha

The migration will happen automatically if your debconf question priority is
"high" or above.

If you know you want to keep the current shell of a given user, you can
preseed the questions by using the following:

Where username is the name of the user in
question and current-shell-mangled is the mangled
name of the shell. The mangling is done by replacing all characters other
than alphanumerics, dashes, and underscores with underscores.
E.g. /bin/bash becomes _bin_bash.

5.14. Migration to new KDE E-mail, Calendar, and Contacts (Kontact)

The Kontact Personal Information Management system has received a major
upgrade. The new version makes much greater use of metadata indexing and
each user's data must be migrated into these new indices.

E-mail, calendar events, and addressbook contacts are automatically migrated
when the user logs in and the relevant component is started. Some advanced
settings such as e-mail filters and custom templates require manual
intervention. Further details and troubleshooting suggestions are collected
on the Debian
Wiki.

This issue is currently reported as fixed in Jessie. Should you still be
able to reproduce it, then please follow up to Debian Bug#766462. Note that you may have to
unarchive the issue first (please refer to the Debian BTS control
server documentation on how to unarchive bugs).

If you have multiple desktop environments installed, you may experience that
none of the "virtual consoles" show a login prompt.

This issue seems to occur when plymouth, systemd, and GNOME are all installed. This
issue is reported as Debian Bug#766462.

It has been reported that removing the "splash" argument from the kernel
command-line may work around the issue. Please see
/etc/default/grub and remember to run
update-grub after updating the file.

5.16. "VGA signal out of range" / blank screen during boot with grub-pc

There is a compatibility issue in grub-pc with older graphics cards (e.g. the
"ATI Rage 128 Pro Ultra TR") that can cause it to show a blank screen during
boot. The display may issue a "VGA signal out of range" message (or
something similar).

A simple work around is to set GRUB_TERMINAL=console in
/etc/default/grub.

5.17. Stricter validation of cron files in crontab

The crontab program is now more strict and may refuse to
save a changed cron file if it is invalid. If you experience issues with
crontab -e, please review your crontab for existing
mistakes.

5.18. Change in handling of unreadable module paths by perl

From version 5.18 (and 5.20, which is included in Jessie), Perl will exit
with a fatal error if it encounters unreadable module paths in
@INC. The previous behavior was to skip such entries. It
is recommended to check the contents of @INC in your
environment for directories which are not world-readable, and take
appropriate action.

You can see the default @INC for Perl by running
perl -V.

5.19. Upgrade considerations for Ganeti clusters

The version of ganeti (2.12.0-3)
released with Jessie does not support migrations from installations running
2.5 or earlier (including Wheezy) in cases where there are instances with
DRBD disks. It is hoped that this issue will be fixed in a point release,
and recommended that you do not upgrade affected Ganeti clusters in the
meantime. You can find more information about this issue at Debian Bug#783186.

5.19.2. General notes on upgrading Ganeti clusters

The recommended procedure to upgrade a Ganeti cluster from Wheezy's
ganeti version (2.5.2-1) to Jessie's
(2.12.0-3) is to stop all instances and then upgrade and reboot all nodes at
once. This will ensure that all instances run with Jessie's hypervisor
version and that all nodes run the same versions of Ganeti and DRBD.

Note that running a cluster with mixed 2.5 and 2.12 nodes is not
supported. Also note that, depending on the hypervisor, instance live
migrations may not work between Wheezy and Jessie hypervisor versions.

5.20. New requirements for file execution in Samba4

If a client requests that a file should be "opened for execution", Samba4
will require the executable bit to be set on the file in addition to the
regular read permissions. This also causes "netlogon" scripts to be
silently ignored if they lack this executable bit.

5.21. Cryptsetup can break boot with BUSYBOX=n

Poznámka

This section only applies to people that have manually changed their
/etc/initramfs-tools/initramfs.conf to not use busybox.

If you have bothbusybox and cryptsetup installed plus configured initramfs
to not use busybox, then it may render your system
unbootable.

Please check the value of your BUSYBOX setting in
/etc/initramfs-tools/initramfs.conf if you have both of
these packages installed. At this time, known work arounds are uninstalling
busybox or setting
BUSYBOX=y in
/etc/initramfs-tools/initramfs.conf.

Varovanie

If you had to make any changes, please remember to run
update-initramfs -u to update your initramfs. Otherwise,
you may still end up with a broken boot.

5.22. Backwards incompatible changes in the Squid webproxy

Poznámka

This section only applies to people that have installed the squid webproxy.

The configuration of squid has changed in an incompatible way. Notably some
of the squid "helpers" have changed their name. If your configuration
relies on old features no longer present or on the old names for the
helpers, your squid service may fail to start after the upgrade.

Please see the upstream release notes for more information. These are: